Privacy Policy

Last updated: 16.7.2025

This privacy policy informs you about what happens to personal data (“data”) that we collect from you when you use the “Hall of Arts” app and the “Hall of Arts” website, or that you provide to us when you visit the website or app.

‍

Data protection officer

‍

AP Entertainment GmbH
FN 645437y
Tiefer Graben 9/14, 1010 Wien

Telephone number: +43 699 1900 7000

E-Mail: office@hall-of-arts.com

‍

References to “we,” “us,” or “our” in this privacy policy refer to AP Entertainment GmbH.

‍

Introduction

This privacy policy sets out the guidelines and procedures relating to data that we collect from or about users and how this data is processed in connection with the provision of the platform. This privacy policy also explains how you can contact us.

We assume that when you provide us with information or use the platform, you have read and agree to this privacy policy.

‍

What data is collected?

When you register on the platform and use it, we collect the following information, although not all data is always collected:

E-Mail
First and Sir Name
Date of birth
Payment details
Data on who you follow
Data on who follows you
Uploaded photos
Your interestes (especially in the field of art, but not in the field of personal life)

When you visit our website or apps without registering, we do not collect any personal data other than the IP address and device ID of the device you use to access our website. We sometimes use various analysis tools to determine traffic on the website or to simplify its use. However, neither we nor third parties can draw any conclusions about your identity from this data. Details are provided below:

‍

Cookies

Cookies are pieces of information that are stored directly on the computer you are using. Cookies enable us to collect information such as browser type, time spent on the website, pages visited, preferred languages, and other data about web traffic. Together with our service providers, we use this information for security purposes, to facilitate online navigation, to display information more effectively, to personalize your experience when using our website, and to analyze user activity in other ways. We also collect statistical data about the use of our website in order to continuously improve its design and functionality, to understand how it is used, and to assist us in answering questions. If you wish to opt out of data collection via cookies when using your customer profile or our website, most browsers provide a simple way to automatically reject cookies or give you the choice to reject or accept the transfer of a specific cookie or cookies from a specific website to your computer. For more information, please visit http://www.allaboutcookies.org/manage-cookies/index.html.

You can find more information about the cookies used in our consent manager, which opens when you visit our website for the first time. There you can select your individual cookie settings and also reject the use of cookies entirely without this preventing you from accessing our services. In our consent manager, you will also find a list of the individual cookies and their purpose that are used when you visit our website.

‍

Analytic tools

We also use third-party services for website and application analysis, which use cookies and similar technologies to collect information about the use of websites or applications and report trends without identifying individual visitors. These third parties that provide such services may also collect information about your use of third-party websites. You can download the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout, to learn more about how Google collects this information and how you can opt out.

‍

Pixel tags and other similar technologies

Pixel tags (also known as web beacons or clear GIFs) can be used in connection with some services to track the actions of users of the services (including email recipients), measure the success of our advertising campaigns, and compile statistics on the use of the services and response rates.

‍

Email correspondence

As part of our normal office activities, we also store any email correspondence with you. The emails are stored in the respective email program and are regularly archived or deleted, unless otherwise required.

‍

How is your data used?

The data collected on the website or in the apps is used to personalize your user experience. Specifically, we use the data to create a personalized graphic display showing posts from other users whom you follow or whose posts may be of interest to you based on your interests and the profiles you already follow.

We also use your data to communicate with you when you contact us or we contact you directly.

‍

Legal basis

Your data will be processed on one or more of the following legal bases. Not all of these may apply to you personally.

Your consent (please note that you can withdraw your consent at any time, see more below)
Because it's necessary to fulfill our legal obligations. This especially applies to tax-related data retention requirements
Because processing your data is necessary to safeguard our legitimate interests. Conducting marketing communication and advertising is also considered a legitimate interest
Because it's necessary to realize our legitimate interest related to the administration, operation, and optimization of the website
Because it's necessary to realize our legitimate interest related to quality control and business planning
Because we need it to enforce our legal claims (debt collection, etc.)

‍

Who will your data be shared with?

Your data will not be passed on to third parties under any circumstances. However, under certain circumstances, we may use the services of contract processors who process data on our behalf in accordance with our specifications and instructions or who require the data for order processing in order to fulfill your order or conduct our business operations.

‍

Cross-border transfers

Our services are generally provided from Austria and your data will also be stored in Austria. Data will not be transferred outside the European Economic Area (EEA). Should this ever be necessary, it would be done on the basis of standard contractual clauses approved by the European Commission.

‍

Your rights

As already mentioned above, we attach great importance to the proper, transparent, and, above all, confidential handling of your data.

‍

Information or correction

You can request information at any time about which of your data we process and/or store and request that it be corrected if necessary. We will respond to all your requests in accordance with our legal obligations. In order to process such requests, we may require additional information from you, such as a copy of your ID.

We will comply with legitimate requests for information and/or correction within the statutory period of no more than one month.

‍

Right to erasure

You also have the right to have your data deleted if

The data is no longer necessary for the purpose for which it was collected or otherwise processed
You have withdrawn your consent to data processing or have objected to the processing (provided there is no other legal basis for processing)
Your data was processed unlawfully
The deletion of your data is necessary to fulfill a legal obligation
The data was collected from a child (under 16 years of age) in connection with information society services

You can submit deletion requests using the contact details listed below. We will comply with justified deletion requests within the statutory period of no more than one month.

‍

Right to restriction of processing

You have the right to request a restriction on the processing of your data. You can submit such a request using the contact information below. We will comply with valid requests within the legal timeframe.

‍

Right to object to processing

You have the right to object at any time to the processing of your data that is carried out for public interest or for our legitimate interests. The same applies if personal data is processed for direct marketing or profiling. Your objection means that your data will no longer be processed for these purposes and will be deleted. You can object at any time using the contact information below.

‍

Right to data portability

You have the right to data portability, which means your data will be provided to you in a structured, commonly used, and machine-readable format. This allows you to transfer it to another controller without hindrance. If possible and if you wish, we can also transfer your data directly to the controller you have specified.

‍

Right to withdrawal consent

You have the option to withdraw your consent to data processing at any time without any negative consequences for you. You can exercise your right of withdrawal using the contact information below.

‍

Right to lodge a complaint

If you believe that you have identified a violation of data protection regulations, we suggest that you contact us first so we can review the matter and, if necessary, take corrective action. However, you also have the right to lodge a complaint. The contact details of the competent authority are:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Wien
Email: dsb@dsb.gv.at

‍

Exercising your rights

We ask that you clearly state in your request which information you would like to have access to or have corrected, whether you want the information provided to us to be blocked in our database, or what other restrictions you want to impose on our use of the information you have provided. For your protection, we will only process requests regarding information associated with the email address you used to submit the request. We may need to verify your identity before we can comply with your request.

Please also note that we may need to retain certain information for document management or legally required purposes and/or to complete transactions that began before the requested change or deletion. There may also be residual information that remains in our databases and other records that cannot be removed.

‍

Security

We are committed to providing appropriate organizational, technical, and administrative security measures to protect information. Unfortunately, the security of a data transfer or storage system can never be 100% guaranteed. If you have reason to believe that your interaction with us is no longer secure, please notify us of the problem immediately. The sooner you let us know, the smaller any potential damage can be kept.

‍

Retention and deletion period

We retain data we have received from you for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is legally permissible or required.

Primarily, we therefore store your data for the duration of the order processing and for the usual duration of any follow-up inquiries and complaints.

As a rule, we adhere to the following deletion policy:Your data is generally processed based on the above legal grounds for another 40 months after the termination of the contractual relationship (i.e., 36 months for possible contractual claims for damages plus a maximum of four months for the service of a lawsuit) and then deleted (at least the personal reference). After that, any personal data from invoices will be processed until the end of the statutory retention period (currently generally 7 years).

‍

Minors

Our services are not intended for individuals under the age of fourteen, and we ask that these individuals do not provide us with any information.

‍

Links

This privacy policy does not apply to the privacy, information, or other practices of third parties, and we are not responsible for them. This includes third parties that operate sites or services to which our services are linked. The inclusion of a link on our website or app does not imply our endorsement of the linked site or service, nor is it an indication of any affiliation with that third party.

Please note that we are not responsible for the collection, use, or disclosure policies and practices (including privacy practices) of other organizations, such as other app developers, app providers, social media platform providers, operating system providers, or wireless service providers. Similarly, we are not responsible for any information you disclose to other organizations.

‍

Update to this policy

This privacy policy may change. We refer you to the "Last updated on" legend at the bottom of the page. All changes to this privacy policy will become effective upon publication.

‍

Contact

You can reach us at:

AP Entertainment GmbH
Tiefer Graben 9/14, 1010 Wien

Phone number: +43 699 1900 7000

Email: office@hall-of-arts.com

‍

Definitions

To make this privacy policy easier to understand, you will find a brief explanation of the terms used below.

Personal data (“data”) is all data that contains information about personal or factual circumstances of natural persons, such as name, address, email address, telephone number, date of birth, age, gender, social security number, video recordings, photos, etc. Data from legal entities is not subject to the provisions of the GDPR.

Processing is any process or series of processes carried out with or without the aid of automated processes in connection with personal data, such as collecting, organizing, storing, adapting or modifying, reading, querying, using, disclosing through transmission, dissemination or any other form of provision, reconciliation or linking, restriction, deletion or destruction.

The controller is the natural or legal person, authority, agency or other body which alone or together with others decides on the purposes and means of processing personal data.

Contract processor is a natural or legal person, authority, agency or other body that processes personal data on behalf of the person responsible.

Recipient is a natural or legal person, authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not

Our contact details

If you have any further questions, we, as the person responsible for the data processing discussed herein, will be happy to answer them using the following contact details:

AP Entertainment GmbH

Tiefer Graben 9/14, A-1010 Vienna

Telephone number: +43 699 1900 7000

Email: office@hall-of-arts.com

Purposes and legal basis of processing

Data may only be processed for a specific purpose and only if the processing can be based on an appropriate legal basis. Processing may be justified for the following reasons:

‍

Legal Basis for Processing	Legal Justification
Based on your voluntary consent for a specific purpose	Art 6 (1) (a)
For the performance of a contract, if you are a party to it, or for the purpose of entering into a contract when processing is at your request	Art 6 (1) (b)
Based on a legal obligation to which we are subject	Art 6 (1) (c)
To protect your vital interests or the vital interests of another person	Art 6 (1) (d)
For the performance of a task carried out in the public interest or in the exercise of official authority vested in us	Art 6 (1) (e)
Based on a balancing of interests between our interest or the interest of a third party in the processing on the one hand, and your interest or your fundamental rights and freedoms on the other hand	Art 6 (1) (f)

‍

We process your data for the following purposes based on the following legal bases:

‍

Categories of Data Collected	Purpose of Processing	Legal Basis
Applicant Data (Name, date of birth, place of birth, address, email address, phone number, other data from résumés)	This data is necessary for the use of our services and for contract initiation, and is collected from you.	Art 6(1)(a) and (b) GDPR
Contact Data (Name, address, email address, phone number)	This data is necessary for the use of our services or for contract initiation and is collected from you when you contact us.	Art 6(1)(a) and (b) GDPR
Technical Information (IP address, operating system)	This data is required to ensure that the website you opened on your initiative can be displayed correctly.	Art 6(1)(f) GDPR

‍

Transceivers

Recipients assist us in complying with legal or legal obligations, in initiating and fulfilling contracts, with services that require your consent, or in carrying out processing that is in our legitimate interest. We transfer or disclose some of the data to the following recipients (order processors or responsible persons) in particular:

‍

Recipients	Description
IT Service Providers	Operation of our IT systems, especially email services, hosting services, etc.
Subcontractors	If and to the extent that services are not provided by us and a legal basis exists
Tax advisors, accountants	Processing of data for tax or accounting reasons
Lawyers, court, debt collection agency	If necessary for the enforcement or defense of claims

‍

We will only transfer your data to other recipients if you have given your express consent in accordance with Article 6 (1) (a) GDPR, this is legally permitted and is necessary in accordance with Article 6 (1) (b) GDPR to fulfill a contractual relationship with you, or if we have a legal obligation to do so under Article 6 (1) (f) GDPR to protect our legitimate interests and to assert, exercise or defend legal claims is necessary and there is no reason to It is assumed that you have an overriding legitimate interest in not sharing your data.

We intend to transfer the data to the following third countries: United States of America.

There is an adequacy decision from the European Commission for the United States of America. By decision of 10.07.2023, the European Commission has C (2023) 4745 final decided that the United States of America offers an adequate level of data protection within the meaning of Art 45 GDPR when our contractual partner enters the List of the EU/US data protection framework is registered. Information on how to add individual providers to this list can be found in the respective section of this privacy policy.

Unless there is an adequacy decision, we may only transfer data on the basis of appropriate guarantees, such as standard contractual clauses, binding internal data protection regulations, approved codes of conduct, approved certification mechanisms, etc. Under the conditions of Art 49 GDPR, a transfer may still be permitted. We will be happy to provide you with a copy of these guarantees for your particular case upon request.

There is no intention to transfer the data to an international organization.

‍

Storage period

In principle, data is only stored for as long as is necessary due to legal storage obligations. In addition, storage may take place if this is necessary to enforce or defend claims by third parties. Important storage periods can be found below:

‍

Retention Obligation	Anticipated Storage Duration
Commercial law retention obligation according to §§ 190, 212 UGB (Austrian Commercial Code)	7 years
VAT law retention obligation for invoices according to § 11 (2) 3rd subparagraph UStG (Austrian VAT Act)	7 years
VAT law retention obligations for export documents according to § 7 (7) UStG (Austrian VAT Act)	7 years
Warranty according to § 933 ABGB (Austrian Civil Code)	2 years
Purchase price claims for movable property according to § 1062 in conjunction with § 1486 ABGB (Austrian Civil Code)	3 years
Claims from a contract for work according to § 1486 ABGB (Austrian Civil Code) (if the service was provided as part of a commercial or other business operation)	3 years
General claims for damages according to § 1489 ABGB (Austrian Civil Code) (actions for compensation)	3 years/30 years
Liability claims according to § 13 PHG (Austrian Product Liability Act)	10 years

‍

Webflow

The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter Webflow). When you visit our website, Webflow collects various log files, including your IP addresses.

Webflow is a tool for building and hosting websites. Webflow stores cookies or other recognition technologies that are necessary to display the page, to provide certain website functions and to ensure security (necessary cookies).

For details, see Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy.

Webflow is used on the basis of Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://webflow.com/legal/eu-privacy-policy.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TT9jAAG&status=Active

‍

Fonts

We use on our website Google Fonts and other fonts to present our content in a visually appealing way. These fonts are hosted locally on our server (provided via Webflow). This avoids a direct connection to the servers of Google or other external providers and no transmission of your IP address or other data to these providers takes place. The use of these locally hosted fonts serves our legitimate interest in an appealing and user-friendly website design (Art. 6 para. 1 lit. f DSGVO).

‍

World4You

We use the web hosting provider World4You for our website. The service provider is the Austrian company World4You Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria.

You can find out more about the data that is processed through the use of World4You in the privacy policy at https://www.world4you.com/de/unternehmen/datenschutzerklaerung.html.

‍

Services from Google

‍

General

The provider of the following services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. Google's privacy policy can be found here.

However, some services (such as Google Search or Google Maps) are provided by or transmitted to the following company: Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043-1351, USA Google LLC is based in a third country. Google LLC is on the list, meaning that data transfer to the USA is data protection compliant within the meaning of Art 45 GDPR. For more information about Google LLC certification, please here.

Some Google services use cookies. An overview of the cookies used, their purpose and storage period can be found in the cookie section of this privacy policy. For the use of Google services and the setting of the necessary cookies, your consent in accordance with Article 6 (1) (a) GDPR or Section 165 (3) TKG is obtained before processing. Your consent can be freely withdrawn at any time.

Prior consent is not obtained for cookies unless the sole purpose is to transmit a message or if this is absolutely necessary so that we can provide you with a service that you have expressly requested.

‍

Google Ads

We use Google Ads (formerly Google AdWords) as an online marketing measure to promote our products and services.

Google Ads is used to better analyze user actions. When you click on one of our Google ads, the “Conversion” cookie from a Google domain is stored on your device.

We also use Google Ad Remarketing for our website.

The main cookies used in this context are:

‍

Name	Duration	Description
Conversion	3 months	This cookie stores every conversion you make on our website after you have come to us via a Google Ad.
_gac	3 months	This cookie is used to track various actions on our website.

‍

Google Tag Manager

We use Google Tag Manager as an organizational tool with which we can manage website tags centrally and via a user interface. For example, tags are used to record your activities on our website. The tags mostly come from Google products such as Google Ads or Google Analytics.

With Google Tag Manager, no cookies are set and no data is stored. Instead, he acts as an administrator of the tags implemented in the system. The data is captured by the web analysis tools tags. In this sense, the data is sent through to the individual tracking tools and is not stored.

‍

Meta services

‍

Meta Business Tools

Within our online offering, we use Meta Business Tools, which are operated and provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, (“Meta”).

The following processing operations are carried out exclusively on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR.

‍

Meta Pixel

Meta pixel is a code that loads a collection of functions with which Meta can track its user actions on our website. The meta pixel can save your actions on our website in one or more cookies. For more information about Meta Pixel, see link. We also use custom audiences. You can find more information about this here.

The pixel collects information such as your IP address and user ID and compares this with the data from your Facebook account.

Meta uses different cookies depending on interaction and user behavior. For example, the following cookies are used:

‍

Name	Duration	Description
_fbp	3 months	This cookie is used to display advertising products.
fr	3 months	This cookie ensures the functionality of Meta Pixel.
Comment_author_50ae8267e2bdf1253ec1a5769f48e062138118815-3	12 months	This cookie stores a user's text and name, for example, when leaving a comment.
Comment_author_url_50ae8267e2bdf1253ec1a5769f48e062	12 months	This cookie stores the URL of the website that the user enters in a text field on our website.

‍

Cookies

Cookies are text files that are stored on your device to recognize it. Cookies can contain information about the use of our offers and services. For cookies, due to the Judgment of the ECJ Planet49 GmbH, obtained consent even if the cookies are not personal.

Some of the cookies used are only stored until you close our website again (session cookies), whereas certain cookies are stored for a longer period of time and you can be recognized (persistent cookies). Some cookies are absolutely necessary for the website to function (essential cookies), others record visits and origin of the visitor and measure this data without the cookies being able to identify you (performance cookies). Certain cookies are used for marketing purposes (marketing cookies).

Insofar as personal data is also processed by individual cookies used by us, processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either to execute the contract, in accordance with Art. 6 para. 1 lit. a GDPR if consent has been given or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the user experience.

The cookie statement when you visit the website for the first time allows you to select which cookies you want to allow. Marketing cookies require your consent. If you want to withdraw your consent or change your cookie settings, you can make this change directly in your browser.

‍

Other information

The provision of personal data is sometimes required by law or necessary for the conclusion of a contract. In principle, you are not required to provide the data. If you do not provide the data, it is not possible to conclude a contract.

There is no automated decision-making, including profiling, in accordance with Article 22 paragraphs 1 and 4.

‍